Description
Is your feature request related to a problem? Please describe.
Add Security Best Practices & Code Snippets to SDK Documentation
Motivation
The Base SDK (base/account-sdk, base/web, etc.) provides convenient abstractions for interacting with accounts and contracts.
However, developers — especially newcomers — often encounter common security pitfalls such as:
- Unsafe nonce handling
- Gas underestimation
- Missing confirmation checks
- Reentrancy vulnerabilities
- Replay attacks (EIP-712 domain separation)
At the moment, the SDK documentation does not cover these patterns in detail.
Providing secure examples and recommended practices directly in the SDK would significantly improve developer experience and reduce risks in production dApps.
Proposal
Create a Security Best Practices guide inside the SDK repository (e.g., docs/security.md) that includes TypeScript code snippets and Solidity patterns.
Suggested inclusions
1. Nonce Management
Ensure transactions always use the latest pending nonce to avoid collisions:
```ts
import { Wallet } from "@base/account-sdk";

// Fetch the *pending* nonce (not "latest") so a second send queued before the
// first is mined does not reuse the same nonce and get dropped or replaced.
async function safeSend(wallet: Wallet, tx: any) {
  const nonce = await wallet.getNonce("pending");
  // Pin the nonce explicitly into the transaction before signing.
  const signed = await wallet.signTransaction({ ...tx, nonce });
  return wallet.sendTransaction(signed);
}
```
### Describe the solution you'd like
I would like to see a dedicated Security Best Practices guide included in the SDK documentation (e.g., docs/security.md).
This guide should contain TypeScript snippets and Solidity patterns demonstrating secure usage of the SDK, including:
- Safe nonce management
- Gas limit estimation with buffer
- Reentrancy guard examples
- Waiting for multiple confirmations before updating UI state
- EIP-712 domain separation to prevent replay attacks
The goal is to provide developers with secure defaults and ready-to-use examples directly in the SDK, reducing the risk of common mistakes when building dApps on Base.
### Describe alternatives you've considered
_No response_
### Additional context
This improvement would:
- Help new developers avoid common pitfalls
- Promote security best practices in the Base ecosystem
- Improve developer trust and adoption of the SDK
Example snippet for nonce safety:

```ts
import { Wallet } from "@base/account-sdk";

// Fetch the *pending* nonce (not "latest") so a second send queued before the
// first is mined does not reuse the same nonce and get dropped or replaced.
async function safeSend(wallet: Wallet, tx: any) {
  const nonce = await wallet.getNonce("pending");
  // Pin the nonce explicitly into the transaction before signing.
  const signed = await wallet.signTransaction({ ...tx, nonce });
  return wallet.sendTransaction(signed);
}
```
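The issue lists pending-nonce selection, gas estimation with a buffer, waiting for confirmations, and EIP-712 domain separation as the practices the guide should cover. The following is an added, self-contained example of those four checks (it is not code from the issue or from the Base SDK). The `Provider` interface, the `MockProvider`, the `0xmined` hash and the block numbers are all constructed for the example; a real guide would back them with the SDK's own provider calls.

```typescript
// Added example: defensive helpers for the pitfalls listed in the issue,
// exercised against a constructed in-memory provider. The Provider interface
// is an assumption modelled on JSON-RPC method names, not the Base SDK's API.
// Gas is kept as a plain number here for portability; production code should
// use bigint.

interface TxReceipt { blockNumber: number; status: 0 | 1 }

interface Provider {
  getTransactionCount(address: string, tag: "latest" | "pending"): Promise<number>;
  estimateGas(tx: { to: string; data?: string }): Promise<number>;
  getBlockNumber(): Promise<number>;
  getTransactionReceipt(hash: string): Promise<TxReceipt | null>;
}

// 1. Gas: add a percentage buffer so a small drift between estimation and
// execution does not leave the transaction out of gas. Rounds up so tiny
// estimates still receive headroom.
function withGasBuffer(estimate: number, bufferPercent: number = 20): number {
  if (!Number.isInteger(estimate) || estimate <= 0) throw new Error("gas estimate must be a positive integer");
  if (bufferPercent < 0) throw new Error("buffer must be non-negative");
  return estimate + Math.ceil((estimate * bufferPercent) / 100);
}

// 2. Confirmations: a receipt mined in block B has (head - B + 1) confirmations
// once the chain head is at `head`; an unmined transaction has 0.
function confirmationsFor(receipt: TxReceipt | null, head: number): number {
  if (receipt === null) return 0;
  return Math.max(0, head - receipt.blockNumber + 1);
}

// 3. EIP-712 domain separation: only accept a signed payload whose domain names
// the chain and contract this dApp expects; a signature produced for a test
// deployment or another chain must not be replayable here.
interface Eip712Domain { name: string; version: string; chainId: number; verifyingContract: string }

function domainMatches(actual: Eip712Domain, expected: Eip712Domain): boolean {
  return actual.name === expected.name
    && actual.version === expected.version
    && actual.chainId === expected.chainId
    && actual.verifyingContract.toLowerCase() === expected.verifyingContract.toLowerCase();
}

// 4. Nonce: read the pending count so back-to-back sends do not collide.
async function pendingNonce(provider: Provider, address: string): Promise<number> {
  return provider.getTransactionCount(address, "pending");
}

// Poll until the receipt has `required` confirmations, then refuse to treat a
// reverted transaction as success. Gives up after `maxPolls` attempts.
async function waitForConfirmations(provider: Provider, hash: string, required: number, maxPolls: number = 50): Promise<TxReceipt> {
  for (let i = 0; i < maxPolls; i++) {
    const receipt = await provider.getTransactionReceipt(hash);
    const head = await provider.getBlockNumber();
    if (receipt !== null && confirmationsFor(receipt, head) >= required) {
      if (receipt.status !== 1) throw new Error(`tx ${hash} reverted`);
      return receipt;
    }
    await Promise.resolve(); // real code would sleep or subscribe to new blocks
  }
  throw new Error(`tx ${hash} did not reach ${required} confirmations`);
}

// Constructed provider: 5 mined + 1 pending tx for the account, a transaction
// "0xmined" in block 100, and a chain head that advances by one block per poll.
class MockProvider implements Provider {
  private head = 100;
  async getTransactionCount(_address: string, tag: "latest" | "pending"): Promise<number> { return tag === "pending" ? 6 : 5; }
  async estimateGas(_tx: { to: string; data?: string }): Promise<number> { return 52000; }
  async getBlockNumber(): Promise<number> { return this.head++; }
  async getTransactionReceipt(hash: string): Promise<TxReceipt | null> {
    return hash === "0xmined" ? { blockNumber: 100, status: 1 } : null;
  }
}

// Runs all four checks against the mock and returns the results.
async function demo(): Promise<{ nonce: number; gas: number; confirmations: number; replaySafe: boolean }> {
  const provider = new MockProvider();
  const nonce = await pendingNonce(provider, "0x0000000000000000000000000000000000000001");
  const gas = withGasBuffer(await provider.estimateGas({ to: "0x0000000000000000000000000000000000000002" }));
  const receipt = await waitForConfirmations(provider, "0xmined", 3);
  const confirmations = confirmationsFor(receipt, 102);
  const expected: Eip712Domain = { name: "Demo", version: "1", chainId: 8453, verifyingContract: "0xabc" };
  const offered: Eip712Domain = { ...expected, chainId: 84532 }; // wrong chain: must be rejected
  return { nonce, gas, confirmations, replaySafe: !domainMatches(offered, expected) };
}

demo().then((r) => console.log(r)).catch((e) => console.error(e));
```

With the mock, `demo()` resolves to nonce 6 (the pending count, not the mined count of 5), gas 62400 (52000 plus a 20% buffer), 3 confirmations after three polls, and `replaySafe: true` because the offered domain's `chainId` differs from the expected one.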